Resources Banner

Glossary - F



Fake Session

This Attack generates a forged SYN, multiple ACK and then one or more FIN/ RST packets. These packets together appear to look like a valid TCP session from one direction. Most networks implement asymmetric routing techniques, in which incoming packets and outgoing packets travel on different links to optimize cost and performance. In turn, modern network defense tools are designed to monitor single directional traffic and do not rely on the return traffic from the server. This attack fakes a complete TCP communication and is designed to fool new defense tools that only monitor incoming traffic to the network. There are two variations of this attack: the first variation generates multiple forged SYNs, then multiple ACKs, followed by one or more FIN/RST packets, and the second variation skips the initial SYN, and starts by generating multiple ACKs, followed by one or more FIN/RST packets. The low TCP-SYN rate makes the attack harder to detect than a typical SYN flood while achieving the same result: the depletion of the victim’s system resources.


Faulty Application

DDoS attackers take advantage of websites with poor designs or improper integration with databases. Using SQL-like injections, an attacker can generate requests that will lock up database queries. These attacks are highly specific and effective because they consume server resources (memory, CPU, etc.).


Fragmented ACK

A variation of the ACK & PUSH ACK Flood. This attack uses 1500 byte size packets to consume large amounts of bandwidth, while generating a relatively moderate packet rate. Because routers do not reassemble fragmented packets at the IP level, these packets usually pass through routers, ACL, firewalls, and IDS/IPS unimpeded. The packet content is usually randomized, irrelevant data. The attacker’s goal is to consume all bandwidth of the victim’s network. A Fragmented ACK attack will affect performance of all servers in the victim’s network.